oss-sec mailing list archives

CVE request: XXE in Openpyxl


From: Sébastien Delafond <seb () debian org>
Date: Tue, 7 Feb 2017 09:57:39 +0000 (UTC)

Hello,

the Debian Security Team would like to request a CVE for an XML XXE
discovered in Openpyxl by Marcin Ulikowski from F-Secure; Openpyxl
resolves external entities by default:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442
  https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1

Cheers,

--Seb
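
A defensive pre-check for the issue reported above, as an added example that is not part of the original post or of Openpyxl: it rejects a workbook whose XML parts carry a DOCTYPE before the file reaches any parser that resolves entities. The function names and sample parts are constructed for illustration, and it assumes a legitimate workbook has no DOCTYPE in its parts.

```python
import io
import zipfile
from xml.parsers import expat


class DTDFound(Exception):
    """Raised from the expat callback as soon as a DOCTYPE is seen."""


def _on_doctype(name, sysid, pubid, has_internal_subset):
    raise DTDFound(name)


def part_declares_dtd(data):
    """True if the XML part has a DOCTYPE, the only place entities can be declared."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _on_doctype
    try:
        parser.Parse(data, True)
    except DTDFound:
        return True
    return False


def scan_xlsx(fileobj):
    """Return sorted names of XML parts that declare a DTD or fail to parse."""
    flagged = []
    with zipfile.ZipFile(fileobj) as zf:
        for name in zf.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue
            try:
                if part_declares_dtd(zf.read(name)):
                    flagged.append(name)
            except expat.ExpatError:
                flagged.append(name)  # malformed part: refuse rather than guess
    return sorted(flagged)


def build_sample(parts):
    """Constructed test input: an in-memory zip holding the given {name: bytes} parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


CLEAN = b'<?xml version="1.0"?><sst><si><t>hello</t></si></sst>'
# Constructed, harmless internal entity; any DOCTYPE is enough to reject the file.
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE sst [<!ENTITY e "constructed">]><sst><si><t>&e;</t></si></sst>'
```

The check stops at the DOCTYPE declaration itself, so no entity in the part is ever expanded or fetched while scanning.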

